package net.wanho.security.config;

import lombok.RequiredArgsConstructor;
import net.wanho.security.filter.JwtFilter;
import net.wanho.security.handler.MyAuthenticationSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

/**
 * Author：汤小洋
 * Date：2023-11-13 10:35
 * Description：<描述>
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启方法级别的权限控制
@RequiredArgsConstructor
public class SecurityConfig {

    private final AuthenticationSuccessHandler successHandler;
    private final AuthenticationFailureHandler failureHandler;
    private final AccessDeniedHandler deniedHandler;
    private final AuthenticationEntryPoint entryPoint;
    private final JwtFilter jwtFilter;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // return http.authorizeRequests()
        //         // .mvcMatchers("/hello").permitAll()
        //         .mvcMatchers("/hello").hasRole("role_admin") // 角色
        //         .mvcMatchers("/user/list").hasAuthority("sys:user:list") // 权限
        //         .antMatchers("/css/**","/js/**","/images/**").permitAll()
        //         .anyRequest().authenticated()
        //         .and().formLogin().permitAll()
        //         .and().csrf().disable() // 关闭防御csrf攻击
        //         .build();

        // return http.authorizeRequests(req -> req
        //             .mvcMatchers("hello").hasRole("role_admin")
        //             .anyRequest().authenticated())
        //         .formLogin(form -> form
        //                 .loginPage("/login.html")
        //                 .usernameParameter("username")
        //                 .passwordParameter("password")
        //                 .loginProcessingUrl("/login")
        //                 .successHandler(successHandler)
        //                 .failureHandler(failureHandler)
        //                 .permitAll())
        //         .exceptionHandling(ex -> ex
        //                 .accessDeniedHandler(deniedHandler)
        //                 .authenticationEntryPoint(entryPoint))
        //         .rememberMe(rememberMe -> rememberMe
        //                 .rememberMeParameter("remember-me")
        //                 .rememberMeCookieName("remember-me-cookie")
        //                 .tokenValiditySeconds(7 * 24 * 60 * 60))
        //         .csrf(csrf -> csrf.disable())
        //         .build();

        return http.authorizeRequests(req -> req
                        .mvcMatchers("/auth/login").permitAll()
                        .anyRequest().authenticated())
                .exceptionHandling(ex -> ex.authenticationEntryPoint(entryPoint))
                .csrf(csrf -> csrf.disable())
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                .build();
    }

}
